Part I

• The Need for Network Management 

• Network Management Defined 

• Protocols and Technologies 

• Functional Areas of Network Management 

Part II 

• Preparing a Network for Management 

• Real World Applications of Proper Management 
Practices 

The Case for Management

Cisco.com


• Typical problem 

Regional user arrives at 
work and experiences slow 
or no response from 
corporate web server 

• Where do you begin? 

Where is the problem? 
What is the problem? 

What is the solution? 

• Without proper network 
management, these 
questions are difficult 
to answer 

The Case for Management


With proper management 
tools and procedures in 
place, you may already have 
the answer 

Consider some possibilities 

1. What configuration changes 
were made overnight? 

2. Have you received a device 
fault notification indicating 
the issue? 

3. Have you detected a security 
breach? 

4. Has your performance 
baseline predicted this 
behavior on an increasingly 
congested network link? 



The Case for Management

Solving a Typical Problem 
Like This Includes the Following: 


An accurate database of 
your network’s topology, 
configuration, and 
performance 

A solid understanding of the protocols and models used in communication between your management server and the managed devices

Methods and tools that allow you to interpret and act upon gathered information

ROI Example

Using a Management Tool for Daily Tasks

Number of Managed Devices: 800
Cost per Man-Hour: $48.84
Manual Configuration Error Rate: 2%

[Table: Average Manual Process Time Required (Man-Hours) for configuration management tasks; the per-task rows are not legible]

The Network Manager’s Responsibility


Ensure that the users of a network 
receive the information technology 
services with the quality of service that 
they expect 

Strategic and tactical planning of the 
engineering, operations, and 
maintenance of a network and network 
services 

Help network engineers deal with the complexity of a data network and make sure that data can go across it with maximum efficiency and transparency to the users

Network Management Defined

Communicating with the Network



Managed Network 
Elements Are Waiting 
to Provide Us with 
Useful Information... 



Network Management 
Begins with an Understanding 
of How to Collect and Interpret 
This Information 

Methods of Communication

Method     Example                               Security Options
Console    Terminal Server                       Device Usernames, TACACS/RADIUS
Telnet     ReflectionX Software                  SSH
HTTP       Embedded Device Management            SSL (HTTPS)
SNMP       MRTG (Multi Router Traffic Grapher)   SNMPv1, 2c - Access Lists; SNMPv3 - Auth/Priv

Two-Tier Management Communication

The Model

[Diagram label: Network Elements]

Two-Tier Management Communication

The Real World

[Diagram labels: Network Management System (CiscoWorks, HP-OpenView); Unsolicited Events; Printer; Router; Call Manager]

Three-Tier Management Communication

The Model

[Diagram labels: NMS; Manager; Unmanaged Element; Agent; Managed Element; MDB; RMON Probe; Network Elements]

Three-Tier Management Communication

The Real World

[Diagram labels: Network Management System (CiscoWorks, Concord eHealth); Managed Element; Switch; Switch Probe]

SNMP Primer: Understanding the Agent



* Information structured as per Structure of Management 
Information (SMI) standards 

* Object definitions provided in many Management 
Information Bases (MIBs) 

SNMP Primer: Understanding the Protocol

[Diagram labels: NMS Management Entity; Get Request, Get-Next Request, Get-Bulk Request, Set Request; Get Response; Trap; SNMPv1, SNMPv2c; SNMP Manageable Device]


Get requests used to read the value of object 
Set requests used to modify the value of object 
Traps provide asynchronous event notification 


NMS-1001 

8230_06_2003_X2 © 2003, Cisco Systems, Inc. All rights reserved.

Copyright ©2001, Cisco Systems, Inc. All rights reserved. Printed in USA.
8230 06 2003 X2.scr

Configuring NM Protocols

SNMP

Level | Auth | Encryption | What Happens

Measurement Technology

SNMP Protocol - Background

• Simple Network Management Protocol

• IOS versions

10.3 -> SNMPv1 + v2
11.0, 11.1, 11.2 -> SNMPv1 + v2
11.3 -> SNMPv1 + v2c
12.0 -> SNMPv1 + v2c
12.0(3)T -> SNMPv1 + v2c + v3
12.0(6)S -> SNMPv1 + v2c + v3
12.1 -> SNMPv1 + v2c + v3
12.2 -> SNMPv1 + v2c + v3

SNMP Object Identification

• Need a scheme that allows two vendors or products within a vendor to compare like items

• Object Identifiers (OID) were chosen as the identification scheme

• An OID is an ordered sequence of non-negative integers written left to right, containing at least two elements (0.0)

• Bound to simple names in MIB Modules:

“ifDescr” is 1.3.6.1.2.1.2.2.1
“ifInOctets” is 1.3.6.1.2.1.2.2.1.10

[Diagram labels: OID tree nodes iso, org, internet, mgmt; Vendor Administered: Apple (63), Microsoft (311), Unassigned (9118)]

Applying a Management Model

The Five Facets of Proper Network Management

• Addresses the network management applications that reside upon the NMS

• OSI model categorizes five areas of function (sometimes referred to as the FCAPS model):

Fault
Configuration
Accounting
Performance
Security

Fault Management

• “The process of locating, diagnosing, and correcting network problems”

• Increases network reliability and effectiveness

• More than just “firefighting”

• Increases the productivity of network users

Device Down?

Fault Management

Steps for successful fault management:

• Identify the problem by gathering information about the state of the network (polling and trap generation)
• Restore any services that have been lost
• Isolate the cause and decide if the fault should be managed
• Correct the fault if possible

Configuration Management

“The process of obtaining data from the network and using that data to manage the setup of all network devices”

Allows rapid access to configuration information

Facilitates remote configuration and provisioning

Provides an up-to-date inventory of network components

Speed?
Duplex?
Trunking?
VLANs Allowed?

Configuration Management

Steps for successful configuration management:

• Gather current network configuration (either manually or automatically)
• Use that data to modify network device configuration in order to provision the network
• Store the configuration data and maintain an up-to-date inventory of all network components
• Produce various inventory reports

• “Measuring the usage of network resources by users in order to establish the metrics, check quotas, determine costs, and bill users”

• Measures and reports accounting information based on individual groups and users

• Administers the cost of the network

• Internal verification of third-party billing for usage

Total Broadcasts?

Accounting Management

Address the different steps involved for accounting management:

• Gather network resource utilization information
• Use metrics to set usage quotas
• Billing users for their network use
• Consider the cost of accounting

“Ensuring that the data network remains accessible and as uncongested as possible”

Reduces network overcrowding and inaccessibility

Provides a consistent level of service to the network user

Determine utilization trends to proactively isolate and solve performance problems

Utilization?
Peak/min/max?
Error Rates
Unicast Rates?
Broadcast Rates?
CPU Utilization?
Free Memory?

Performance Management

• Steps for successful performance management

Collect data on current network link and device utilization
Baseline the utilization metrics and isolate any existing performance problems
Set utilization thresholds based on the baseline
Analyze the historical data for recognizing trends
Resource planning and tuning

Remember: measuring performance impacts performance

“Protecting sensitive information on devices attached to a data network by controlling access points to that information”

Builds network user confidence

Secures sensitive information from both internal and external sources

Protects the network functionality from malicious attacks

MAC Address Locked to Port

Access List Blocks Connections

Security Management

• Steps for successful security management:

Identify sensitive information or devices
Find the access points
Secure the access points
Protect the sensitive information by configuring encryption policies
Implement a network intrusion detection scheme to enhance perimeter security

[Diagram labels: Security, Accounting, Performance, Fault, Configuration; SNMP, MIBs; SLA, QoS, High Availability; WAN, VoIP, LAN]

Configuring SNMP

Configuration syntax is operating system (OS) dependent

The CatOS agent has two write access policies
Read-write—partial configuration access
Read-write-all—full configuration access

The CatOS agent has defaults. Change them!

R/O = public • R/W = private • R/W/A = secret

Catalyst OS:

set logging server <IP_Addr>
set logging server level 6
set logging server facility local7
set logging level sys 6 default
set logging timestamp
set logging enable

IOS:

logging on
logging <hostname / IP_Addr>
logging facility local7
logging trap informational
logging source-interface loopback0
service timestamps log datetime

Syntax differs between IOS and Catalyst OS devices

Message textual format differs between IOS and Catalyst OS devices

Resource Manager Essentials requirement
Logging level informational (6)

Configuring Telnet

• Syntax differs between IOS and Catalyst OS devices

• Catalyst switches have telnet enabled but no console/telnet or enable passwords by default. Add them

• IOS devices do not have telnet enabled

Enable for management support
Secure with TACACS+

Configuring CDP and ILMI

Catalyst OS:

Global
set cdp [enable/disable]

Per Port
set cdp [enable/disable] <mod/port>

IOS:

Global

Per Interface
cdp enable

ILMI for ATM Interface
atm pvc 2 0 16 ilmi

Syntax differs between IOS and Catalyst OS devices
CDP enabled by default on most interfaces

Catalyst OS:

set ntp client enable
set ntp server <IP_Addr>
set ntp timezone PST -8
set summertime enable PST

IOS:

ntp server <IP_Addr>
ntp source Loopback0
ntp update-calendar
clock timezone PST -8
clock summer-time PDT recurring

Syntax differs between IOS and Catalyst OS devices
Configure NTP on management server

Time synchronization important for proper syslog, traps, and monitoring correlation

Additional Configuration

Cat-IOS IOS

• Cisco IOS device

Hostname and SNMP contact, location, chassis-id
User login authorization local or TACACS+
SNMP access lists
RMON alarms and events (statistics and history if available)

CatOS

• Catalyst switch

System name, contact, location
User login authorization local or TACACS
Mini-RMON statistics, history, alarms, and events
VTP domain name


Designing for Management
Preferred Management Interfaces

Management systems communicate via IP with managed devices

The IP address should be chosen carefully to provide the highest availability

It is a best practice to use a very stable physical address or a configured Loopback address

Physical Interfaces—Actual ports on router chassis
• Ethernet0/0
• Serial 0/1

Virtual Interfaces—Only exist in the device configuration
• Loopback0
• VLAN interfaces

Designing for Management
Redundant Infrastructure

High availability management

Completely separates management from user data

Management link is in separate subnet, VLAN, and switch

Higher assurance for management data delivery during congestion or convergence

Designing for Management
Terminal Servers

Out of band
Failsafe access

Console connection only, no SNMP

Connect to redundant infrastructure

Secure AUX ports when using modem

[Diagram labels: Regional Offices; Modem; Corp Network; Serial Cable]

Fault

Configuration 

Accounting 

Performance 

Security 

Fault Management
Real World Example

The Problem

• Network administrator was receiving fault notifications of a recurring problem; each evening between 8:00 and 8:30 connectivity is lost to a branch office; connectivity is restored at approximately 9:00pm

[Timeline: 7:50pm, 8:30pm, 9:00pm]

Fault Management
Real World Example

Considerations

• Is an entire device failing? If so, what device?

• Is a link failing? If so, which link?

• How can this be prevented in the future?

Management Processes in Place

• Actively polling critical devices for availability

• Notification tool to alert administrator

Fault Management
Real World Example

The Solution

The Loss of Connectivity Was Linked to the Late Night Janitor Unplugging the WAN Router to Plug in His Radio

The Solution Was to Provide the Late Night Janitor with an Extension Cord

Fault Management
Device Fault Manager

Administrator was notified of failure via a notification tool

Device level fault analysis for Cisco products

Identify POSSIBLE problems

Determines root cause of exceptions

Monitor for high availability

Pager/e-mail/trap forwarding

MIBs, polling intervals and thresholds set—OUT OF THE BOX

• NO RULES TO WRITE

Fault Management Tools
HP and Tivoli

• Correlate and manage events and SNMP traps

• Perform fault isolation and root cause analysis

Configuration Management
Real World Example

The Problem

• Network administrator notices night time configuration changes in the production network followed by immediate configuration rollbacks to disguise any tampering

[Figure: device configuration snapshots at 10:55pm, 11:05pm and 11:23pm. Lines visible in the snapshots:]

logging 192.168.76.228
logging 192.168.76.229
!
snmp-server community public RO
snmp-server community forks RW
snmp-server system-shutdown

[Circled in the figure: an additional logging host line (address not legible) and "snmp-server community spoons RW"]

Configuration Management
Real World Example

Considerations

• What changes were made?

• When were the changes made?

• Who made them?

• How can this be prevented in the future?

Management Processes in Place

• Devices configured to send config change syslog messages to NMS

• User authentication tool

• Configuration archiving

Configuration Management
Real World Example

The Solution

The Network Configuration Changes Were Being Made by a Colleague Studying for His CCIE Exam after Hours Using the Production Network

The Solution Was to Provide the Culprit with an Unused 2600 Router to Be Used in His Home

Configuration Management
Resource Manager Essentials Change Audit Service

[Diagram labels: AAA; Changes from CiscoWorks; Periodic Scans or Scheduled Jobs; Configuration Manager; Inventory Manager; Software Manager; Syslog Analyzer; Syslog Database; Inventory Database; Change Audit Reports]

Configuration Management
RME Change Audit Setup

Change Audit relies on syslog messages to operate

Point syslogs from all managed devices (except PIX firewalls) to the RME server

Collection of usernames occurs in 3 ways:

1. Using usernames on devices themselves
2. Using a RADIUS or TACACS server
3. Using a configuration change tool in RME (NetConfig, Config Editor)

Configuration Management
Resource Manager Essentials

• Inventory Manager

Complete Cisco asset management
Support for IGX, BPX and MGX

• Software Image Manager

Software lifecycle management for routers and Catalyst switches
Improved browse bug by device

• Configuration Manager

Version control, archival, editing and reporting
Network-wide config changes

• Change Audit Services

Single interface for all hardware, software, and configuration changes

Configuration Management
RME Inventory Manager

Hardware and software summary information

Chassis type
Memory
Flash
Modules

Support for all Cisco devices in the network including Call Manager, VPN 3000, IGX, BPX, MGX

Multiservice port reporting

Configuration Management
IOS and CatOS Upgrades

Use a dedicated TFTP server to store and distribute software images

core-6506-msfc#copy tftp flash
Address or name of remote host []? 19.16.76.175
Source filename []? 12.1.8a
Destination filename []? 12.1.8a

or

Resource Manager Essentials includes Software Image Manager to automate the upgrade process

Configuration Management
RME Configuration Manager

• NetConfig

Wizard-based template for global configuration changes

Changes can be performed against multiple devices in the network

Adhoc can be used for any CLIs

• Config Editor

Opens config from selected device in “notepad” like window

Edit functions (cut, paste)

Changes a single device at a time

Access Control List Manager

Integrated with CiscoWorks Resource Manager Essentials

Leverages functions from Inventory, Configuration Archive, Transport, Change Audit, Schedule, etc.

Structured approach to managing ACL policies

Reduces time to deploy multiple changes

Reduces errors in ACL definition

Reduces time and improves accuracy for adds, moves and changes for users and servers

Accounting Management
NetFlow

[Diagram labels: NetFlow Data Export; Flow Collectors; NAM; Network Planning; Accounting/Billing; Flow Profiling; Network Monitoring; End-User Apps]

Real World Example

The Problem

• A university network administrator observes dramatic increase in outgoing WAN traffic resulting in increased costs and decreased response times

[Graph: vertical axis from 0.0 M to 32.0 M. Solid Green Represents Incoming Traffic; Blue Line Represents Outgoing Traffic]

Performance Management
Real World Example

Considerations

• What traffic type is leaving the university?

• Why is the traffic being generated?

• Who is generating the traffic?

• How can this be prevented in the future?

Management Processes in Place

• Link usage trending software

• Traffic capture and analysis capability

• Scalable QoS policy deployment software

Performance Management
Real World Example

The Solution

The Network Congestion Was Being Caused by File Sharing Applications

The Solution Was to Deploy Quality of Service Policies to Edge Devices

[Graphs: Pre-Policy Traffic; Post-Policy Traffic]

Performance Management
Link Usage Trending

University was logging incoming and outgoing usage over time with MRTG

Monitors traffic load on network links based on SNMP statistics

Generates real-time HTML traffic reports

Can be used to monitor any SNMP variable you choose

It’s FREE! www.mrtg.org

MULTI ROUTER TRAFFIC GRAPHER

'Daily' Graph (5 Minute Average)
Max In: 625.1 kB/s (5.0%) Average In: 9170.0 B/s (0.1%) Current In: 2138.0 B/s (0.0%)
Max Out: 7505.0 kB/s (60.0%) Average Out: 83.0 kB/s (0.7%) Current Out: 5604.0 B/s (0.0%)

'Weekly' Graph (30 Minute Average)

Traffic Analysis

Packet Capture and Decode

Three-tier organization model example

Collects RMON data from intermediate devices

Tool analyzes data for performance metrics

NetScout

Performance Management
Traffic Analysis

Network Analysis Module

Integrated Traffic Monitoring solution for Catalyst 6000 Family

Enables full Traffic Monitoring
Real time traffic analysis
Performance monitoring
Troubleshooting

Web based embedded Traffic Analyzer

VoIP, QoS (DSMON), ART, VLAN (SMON), RMON 1&2 monitoring

Data Capture and Decode, Alarms

Supported by other applications

nGenius Real-Time Monitor, CiscoView, Concord eHealth

Performance Management
Managing QoS

[Diagram labels: Coloring; ToS; Data; Monitor Traffic by Service/App]

Application discovery

Classification into service classes

Service class provisioning and enforcement

Performance Management
Internetwork Performance Monitor

WAN troubleshooting

Measures hop-by-hop response time, availability, jitter, and drops

Provides real-time and historical reports

Utilizes Service Assurance Agent embedded in Cisco IOS

Validates and measures TCP, UDP, HTTP, VoIP, DNS, ICMP with QoS awareness

Real World Example

The Problem

Network administrator was concerned that should the device SNMP community strings get into the wrong hands sensitive information could be extracted and unauthorized changes made

Simple Network Management Protocol
Version: 1
Community: public
PDU type: RESPONSE
Request Id: 0xd1786f78
Error Status: NO ERROR
Error Index: 0
Object identifier 1: 1.3.6.1.2.1.2.2.1.8.8
Value: INTEGER: 1 (0x1)

0000  00 50 04 6f d7 40 00 d0 d3 9d 73 d0 08 00 45 00   .P.o.@....s...E.
0010  00 4a 59 83 00 00 ff 11 47 d9 c0 a8 4c 01 c0 a8   .JY.....G...L...
0020  4c f4 00 a1 13 11 00 36 fd 93 30 2c 02 01 00      L......6..0,...
0030  06 70 75 62 6c 69 63 a2 1f 02 04 d1 78 6f 78      .public.....xox
0040  01 00 02 01 00 30 11 30 0f 06 0a 2b 06 01 02      .....0.0...+...
0050  02 02 01 08 08 02 01 01 c3 6f 2e 6b               .........o.k
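
The capture above, and the OID encoding described on the SNMP Object Identification slide, can be reproduced with a small BER reader. This is an added example, not code from the presentation; the payload is a constructed sample rebuilt from the decoded fields shown on the slide, and it shows that the community string travels as plain ASCII in every SNMPv1/v2c message.

```python
"""Minimal BER reader for a community-based SNMP GET/SET/RESPONSE (added example)."""

# Constructed sample: UDP payload rebuilt from the decoded fields on the slide
# (version 1, community "public", request id 0xd1786f78, one varbind).
SAMPLE_HEX = (
    "302c" "020100" "04067075626c6963"        # SEQUENCE, version, community
    "a21f" "0204d1786f78" "020100" "020100"   # RESPONSE PDU: id, status, index
    "3011" "300f" "060a2b060102010202010808" "020101"  # varbind: OID, INTEGER 1
)

PDU_TYPES = {0xA0: "GET", 0xA1: "GET-NEXT", 0xA2: "RESPONSE", 0xA3: "SET"}
VERSIONS = {0: "1", 1: "2c"}  # value on the wire -> protocol version


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:end], end


def decode_oid(value):
    """Sub-identifiers are base-128; the first one packs arcs X.Y as 40*X + Y."""
    subids, acc = [], 0
    for octet in value:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of a sub-id
            subids.append(acc)
            acc = 0
    if not subids or value[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(subids[0] // 40, 2)
    arcs = [first, subids[0] - 40 * first] + subids[1:]
    return ".".join(str(arc) for arc in arcs)


def decode_snmp(payload):
    """Decode the message header, PDU header and varbinds into a dict."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("message is not a BER SEQUENCE")
    t_ver, ver, pos = read_tlv(body, 0)
    t_com, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if t_ver != 0x02 or t_com != 0x04 or pdu_tag not in PDU_TYPES:
        raise ValueError("not a community-based GET/SET/RESPONSE message")
    header, pos = [], 0
    for _ in range(3):  # request-id, error-status, error-index
        t_int, raw, pos = read_tlv(pdu, pos)
        if t_int != 0x02:
            raise ValueError("expected INTEGER in PDU header")
        header.append(int.from_bytes(raw, "big"))
    _, varbind_list, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = read_tlv(varbind_list, pos)
        t_oid, oid, nxt = read_tlv(varbind, 0)
        t_val, val, _ = read_tlv(varbind, nxt)
        if t_oid != 0x06:
            raise ValueError("varbind does not start with an OID")
        value = int.from_bytes(val, "big", signed=True) if t_val == 0x02 else val.hex()
        varbinds.append((decode_oid(oid), value))
    return {
        "version": VERSIONS.get(int.from_bytes(ver, "big"), "unknown"),
        "community": community.decode("ascii", "replace"),  # sent in cleartext
        "pdu_type": PDU_TYPES[pdu_tag],
        "request_id": header[0],
        "error_status": header[1],
        "error_index": header[2],
        "varbinds": varbinds,
    }


if __name__ == "__main__":
    for key, value in decode_snmp(bytes.fromhex(SAMPLE_HEX)).items():
        print(f"{key}: {value}")
```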

Security Management
Real World Example

The Process

• Administrator must choose from the following:

Make frequent and time consuming changes of the community strings on all devices

Lock down SNMP access to the managed devices

Real World Example

The Solution

• The network administrator deployed access lists to the vulnerable devices to restrict SNMP from all hosts except those in a known secure subnet

Catalyst OS:

set ip permit enable snmp
set ip permit 19.16.76.192 255.255.255.192 snmp

IOS:

snmp-server community <MyString> ro 100
snmp-server community <MyString> rw 100
access-list 100 permit 19.16.76.192 0.0.0.63
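
One way to check device configurations for the two weaknesses this deck calls out, the CatOS default community strings from the Configuring SNMP slide and communities with no access list bound as in the solution above. This is an added example, not code from the presentation; the sample configurations are constructed, and the community names "N0tDefault" and "S3parate" are made up for illustration.

```python
"""Audit SNMP access settings in IOS and CatOS configs (added example)."""
import ipaddress
import re

DEFAULT_COMMUNITIES = {"public", "private", "secret"}  # defaults listed on the slide

# Constructed sample configurations (not taken from a real device).
IOS_CONFIG = """\
snmp-server community public RO
snmp-server community forks RW
snmp-server community N0tDefault ro 100
access-list 100 permit 19.16.76.192 0.0.0.63
"""
CATOS_CONFIG = """\
set snmp community read-only public
set snmp community read-write S3parate
set snmp community read-write-all secret
set ip permit enable snmp
set ip permit 19.16.76.192 255.255.255.192 snmp
"""

FLAGS = re.I | re.M
IOS_COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: (ro|rw))?(?: (\d+))?\s*$", FLAGS)
IOS_ACL = re.compile(r"^access-list (\d+) permit (\S+) (\S+)\s*$", FLAGS)
CATOS_COMMUNITY = re.compile(
    r"^set snmp community (read-only|read-write|read-write-all) (\S+)\s*$", FLAGS)
CATOS_PERMIT = re.compile(
    r"^set ip permit (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) snmp\s*$", FLAGS)
CATOS_ENABLE = re.compile(r"^set ip permit enable snmp\s*$", FLAGS)


def to_network(address, mask):
    """Accept a netmask (CatOS) or a wildcard mask (IOS access list).

    ipaddress reads a mask whose first octet is 0 as a host/wildcard mask.
    A non-contiguous wildcard raises ValueError and needs manual review.
    """
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def ios_acls(config):
    """Map access list number -> permitted networks."""
    acls = {}
    for number, address, mask in IOS_ACL.findall(config):
        acls.setdefault(number, []).append(to_network(address, mask))
    return acls


def audit_ios(config):
    """Return (community, issue) pairs for an IOS configuration."""
    acls, findings = ios_acls(config), []
    for name, _mode, acl in IOS_COMMUNITY.findall(config):
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append((name, "default community string"))
        if not acl:
            findings.append((name, "no access list bound"))
        elif acl not in acls:
            findings.append((name, f"access list {acl} is not defined"))
    return findings


def catos_permits(config):
    """Networks allowed to reach SNMP through the CatOS ip permit list."""
    return [to_network(addr, mask) for addr, mask in CATOS_PERMIT.findall(config)]


def audit_catos(config):
    """Return (subject, issue) pairs for a CatOS configuration."""
    findings = [(name, "default community string")
                for _mode, name in CATOS_COMMUNITY.findall(config)
                if name.lower() in DEFAULT_COMMUNITIES]
    if not CATOS_ENABLE.search(config):
        findings.append(("snmp", "ip permit list not enabled for SNMP"))
    elif not catos_permits(config):
        findings.append(("snmp", "ip permit enabled but no SNMP entries"))
    return findings


def source_allowed(source, networks):
    """True when the source address falls inside one of the permitted networks."""
    address = ipaddress.ip_address(source)
    return any(address in network for network in networks)


if __name__ == "__main__":
    for finding in audit_ios(IOS_CONFIG) + audit_catos(CATOS_CONFIG):
        print(finding)
    print(ios_acls(IOS_CONFIG))
```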

Security Management
Restricting Network Access

• User access to network services 

VPN access becoming more and more common 

Common vulnerabilities are shared resources (i.e. computer 
labs) 

• Administrator access to network devices 

Third party authentication software 
Usernames on network devices 
Access control lists 

Telnet, Console, and SNMP Access must be secure 

Security Management

Controls network access by configuring access points

Protects the flow of sensitive information by provisioning IPSec 
VPNs to encrypt the data 

Protects from malicious network attacks using intrusion 
detection sensors 

Voice Management
Pulling It All Together

The Problem

• Branch office user complains of inability to make a VoIP telephony call to corporate headquarters

[Diagram labels: Regional Office; Corporate Headquarters]

Do you have a fault detection and notification tool in place in the network? If so, you may already have the answer

Verify device configurations have not been changed to adversely affect VoIP

[Diagram labels: Yesterday; Today]

VoIP Jitter Test between Offices

Compare current network performance against established baseline

Performance Management
A Note on IPM Jitter Reports

Your “source” and “target” must be an SA Agent capable router

You must issue the global configuration command to turn on the RTR (Response Time Reporter) responder on the target

core-6506-msfc(config)#rtr responder

Pulling It All Together

The Solution

• When faced with a network problem regarding downtime or significant degradation, many different components of proper management must be in place to simplify the troubleshooting process

Review of Agenda and Main Points

What Have We Learned Today?

• The Need for Management
Contribution to Bottom Line through High Availability

• Network Management Defined
Understanding and Controlling Network Information and Services

• Protocols and Technologies
Communication Models, MIBs, SNMP Gets, SNMP Sets, SNMP Traps

• Functional Areas of Network Management
Fault, Configuration, Accounting, Performance, Security

• Preparing a Network for Management
Configuring SNMP, Syslog, Telnet, CDP, ILMI, NTP, LoopBack

• Real World Applications of Proper Management
Real World Examples

Conclusions

• Network management can best be defined in
terms of the goals—Providing network users 
services with the quality and transparency 
they expect 

• The network management model: Incorporation 
of all FCAPS components 

• Network management tools to address each 
functional area 

• Network management helps the bottom line— 
Efficiency and productivity 

Cisco Network Management
Surveys - Continuous Improvement

• What: Cisco network management product web surveys

• How: E-mail sent to product user list with URL link to a 
survey 

• Who: Primary users of a Cisco network management 
product 

• When: Surveys sent via e-mail after a product has 
shipped for 6 months. Typically we do two surveys on 
a specific product per month 

Surveys - Getting Involved

• Send an e-mail to Greg Ryan at Cisco:

qrearyan@cisco.com if you wish to be on 
the survey list. He will ask you what Cisco 
network management products you have and 
which versions you are using. 

• There is no obligation and you can opt not to 
take the surveys. A gift is mailed to all 
survey takers. 


Further Study and References

• Network Management: A Practical Perspective—Leinwand and Fang Conroy ISBN# 0201609991

• Network Management: Principles and Practice— 
Subramanian ISBN# 0201357429 

• How to Manage Your Network Using SNMP: 

The Networking Management Practicum—Rose and 
McCloghrie ISBN# 0131415174 

• Performance and Fault Management—Della 
Maggiora, Elliott, Pavone, Phelps, and Thompson 
ISBN# 1578701805 

• Cisco Enterprise Management Solutions—Wynston 
ISBN# 1587050064 

Other Network Management Sessions

NMS-2021: Configuration of Large Scale Networks with CiscoWorks

NMS-1031: Introduction to Collecting Traffic Accounting 
Information 

NMS-1011: Principles of Fault Management 

NMS-1051: Securely Managing your Network 

NMS-2001: Network Troubleshooting Tools and Techniques 

SEC-1000: Introduction to Network Security 

SEC-2006: Managing Security Technologies 

Recommended Reading

Performance and Fault Management
ISBN: 1578701805

Available on-site at the Cisco Company Store